Jump to content


6

Anyone needs help on H2/H2+, Just relpy here please.


84 replies to this topic

#1 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 19 October 2019 - 10:29 PM

Hi all,

I would like to thank you for you trust, but I have got more PM private messages, and I have no time to respond separatly.

So to get good chances for other,,please put your config here and i will respond.

Backup path, and primary path from R101;

1. your config on all border routers R18,57, R15/16, R55/56
2. your output on R1, sh bgp all summary.

Befor your put your config. please double check on ospf&eigrp and mpls.

All the bests for you.

Thanks

Edited by Firass81, 19 October 2019 - 10:31 PM.


Thanked by 3 Members:
Szurax , JAVI437 , jami30

#2 jami30

jami30

    Advanced Member

  • Members
  • PipPipPip
  • 91 posts
  • 81 thanks

Posted 19 October 2019 - 11:30 PM

hi Firass, you have helped me before in H2+ with backdoor config. Please can you let me know answer for this:

2.4. H2+. Ensure that any prefix originated in any of these main site will not advertise back to same site via redundant gateway.

In H2 we use Type1 and Type2  in redistribution but in H2+ your solution doesn't have this on R15 & R16. So how we satisfy this requirement.

Thanked by 1 Member:
Firass81

#3 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 20 October 2019 - 06:56 PM

View Postjami30, on 19 October 2019 - 11:30 PM, said:

hi Firass, you have helped me before in H2+ with backdoor config. Please can you let me know answer for this:

2.4. H2+. Ensure that any prefix originated in any of these main site will not advertise back to same site via redundant gateway.

In H2 we use Type1 and Type2  in redistribution but in H2+ your solution doesn't have this on R15 & R16. So how we satisfy this requirement.

Thank you.

{{{{   2.4. H2+. Ensure that any prefix originated in any of these main site will not advertise back to same site via redundant gateway }}}}}

that means as next:

1. For the core network Jamason and Jacobs: the external eigrp must not cause a loop.
2. For the whol network:
   a. the prefix that comes from AS 65005 to DC 65002 must not advertise back to MPLS domain
   b. the prefix that comes from DC AS 65002 to AS 65004 must not also adivertise back to MPLS domain.
   c. we must take care of the aggragate command that originates summary address on R18/57, Those must not also advertise back to MPSL domain from AS65005 and AS65002.

3. You can fix those problem, Just by take a look at the bgp vpn rd table on RR R1 to see what are the prefixes there.


{{{{  In H2 we use Type1 and Type2  in redistribution but in H2+ your solution doesn't have this on R15 & R16. So how we satisfy this requirement. }}}}

there is no requirement ask exactly what must you use on redistribution in both H2/H2+.
You have free to do it in the way that you see it perfect for you.

the important thing here is to match the first your question to block prefixes from re- redistribution back .

That is it.

All the best for you.


Thanked by 2 Members:
jami30 , bluemoon55

#4 zlat

zlat

    Member

  • Members
  • PipPip
  • 14 posts
  • 2 thanks

Posted 21 October 2019 - 10:16 AM

View PostFirass81, on 20 October 2019 - 06:56 PM, said:


1. For the core network Jamason and Jacobs: the external eigrp must not cause a loop.
2. For the whol network:
   a. the prefix that comes from AS 65005 to DC 65002 must not advertise back to MPLS domain
   b. the prefix that comes from DC AS 65002 to AS 65004 must not also adivertise back to MPLS domain.
   c. we must take care of the aggragate command that originates summary address on R18/57, Those must not also advertise back to MPSL domain from AS65005 and AS65002.



Hello  Firass,

I'm a bit confused about 10.0.0.0/8 and 172.0.0.0/8 in H2.
- should R15/R16 announce 10.0.0.0/8 to the MPLS domain or not?
- should R55/R56 announce 172.0.0.0/8 to the MPLS domain or not?


Thank you!

#5 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 21 October 2019 - 11:37 AM

View Postzlat, on 21 October 2019 - 10:16 AM, said:

Hello  Firass,

I'm a bit confused about 10.0.0.0/8 and 172.0.0.0/8 in H2.
- should R15/R16 announce 10.0.0.0/8 to the MPLS domain or not?
- should R55/R56 announce 172.0.0.0/8 to the MPLS domain or not?


Thank you!


Hey man,

{{{ should R15/R16 announce 10.0.0.0/8 to the MPLS domain or not? }}}

In general, you must take a look at the output on R11, it shows: sh ip rou bgp 10.2.0.0/16 or sh ip bg 10.0.0./8, from this command you can decide what summary you must use

But I wanna say, that is:

In H2: you must announce the summary 10.2.0.0/16
in H2+: you must announce the summary 10.0.0.0/8

to MPLS domain.

{{{ - should R55/R56 announce 172.0.0.0/8 to the MPLS domain or not? }}}

In H2: He asks to use summary 172.18.0.0/16, even he doesn't ask, there is an ouptput approves that.
In H2+: He asks not to use aggregate-summary command clearly on R55/56.

For filter on R55/56, we must filter in H2/H2+ from announce to MPLS domain. this summary 172.0.0.0/8 comes from aggaragate-summary command on R57 back to the same domain AS65005. you can filter it under eigrp on R57

ip prefix-list DENY deny 172.0.0.0/8
ip prefix-list DENY permit 0.0.0.0/0 le 32

router eigrp 10
distribute prefix-list DENY out

P.S

please don't touch the pre-config flilter on R55/56, at all events it is true. but you can change the eigrp metric during redistribution bgp into eigrp, especially in H2+ to make it better than that comes from redistribute bgp into eigrp on R57.

If I have understood you correctly, we must NOT use network command for those summary, because we have under bgp proccess redistribute command and the aggragate command will advertise those summary.
In H3 it is a litte bit different, we must use netwok command for loopback to activate aggragate command. because there is no redistribute command under bgp process. Actually it is forbidden.
All the bests

Edited by Firass81, 21 October 2019 - 11:43 AM.


Thanked by 2 Members:
bluemoon55 , zlat

#6 nagent2018

nagent2018

    Member

  • Members
  • PipPip
  • 17 posts
  • 3 thanks

Posted 22 October 2019 - 06:44 AM

Hi bro,

Thanks for explanation. Here are my questions:

1. Could you check such type of solution for OSPF default route advertisement on R15/16?

router bgp 65002
nei 10.254.0.X default-originate

I think it's not correct. Cause this type of default route advertisement is performed even if R15/16 doesn't have default routes from OSPF.

2. Can I edit prefix-list pre-configurations on the lab?

I have seen H2 pre-config with bgp to eigrp redistribution filter on R55/56, which doesn't let to advertise AS65007 (Jacob's Office) routes into AS65005.
What can we do in such situations?

Thank you.

Thanked by 1 Member:
Firass81

#7 RAT123

RAT123

    Member

  • Members
  • PipPip
  • 40 posts
  • 844 thanks

Posted 22 October 2019 - 07:01 AM

1. router bgp 65002
.
default-information originate

2. Yes you can If you need match those areas

#8 cci

cci

    Member

  • Members
  • PipPip
  • 38 posts
  • 1524 thanks

Posted 22 October 2019 - 08:29 AM

Hi




regarding sec 2.8
backdoor

task mention:
  -  only 10.2.100.0/24 and 172.18.1.0/24 should go via backdoor
  -  remaining should go via mpls
  -  do NOT use route-map or ACL to achieve this one
      - R18/R57 must advertise summary to internal IGP

if guys finished all section
then please go and check trace from SW-10 to Jamesons HQ , Main office and Jacob office

for example :
sw-10 # trace 10.17.x.x

the thing is SW-10 is having
10.0.0.0/8 via backdoor
172.0.0.0/8 via backdoor
==> this is an issue (blackhole )
also in R55 and R56 we do Deny 172.0.0.0/8 le 32 when redistribution from BGP to EIGRP
-------------------------
solution from my side (i dun know if it's correct or not)
as task mention to not use route-map or ACL to this one

in SW-10 deny 10.0.0.0/8 and 172.0.0.0/8 in prefix-list then do distribut-list prefix .. in

^_^

Edited by cci, 22 October 2019 - 08:35 AM.


#9 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 22 October 2019 - 01:46 PM

View Postnagent2018, on 22 October 2019 - 06:44 AM, said:

Hi bro,

Thanks for explanation. Here are my questions:

1. Could you check such type of solution for OSPF default route advertisement on R15/16?

router bgp 65002
nei 10.254.0.X default-originate

I think it's not correct. Cause this type of default route advertisement is performed even if R15/16 doesn't have default routes from OSPF.

2. Can I edit prefix-list pre-configurations on the lab?

I have seen H2 pre-config with bgp to eigrp redistribution filter on R55/56, which doesn't let to advertise AS65007 (Jacob's Office) routes into AS65005.
What can we do in such situations?

Thank you.

Hey man,

for your question:
{{{   router bgp 65002
nei 10.254.0.X default-originate

I think it's not correct. Cause this type of default route advertisement is performed even if R15/16 doesn't have default routes from OSPF. }}}

Actually you have a good catch to get this question.


You can configure it as the next reply:

RAT123 says:
  router bgp 65002
default-information originate

The different between them as you said. we have in TS1 many pre-config. one of them under bgp proccess on R17/18 it was configured to redistribute static route and hence we must configure to advertise a default route ad RAT123 said otherwise we advertise it on a neighbour.

Back to your question, if you noticed that in the exam H2/2+ in HQ and Main office Jameson, he asks to advertise ospf default route even if there was no  a default route in all borders routers. that measns we must use always command.
As long as he is not mentioned to use a condition to advertise it on R15/16, there is no problem to advertise it without a condition.

{{{ 2. Can I edit prefix-list pre-configurations on the lab? }}

Yes of course you can, in all labs you can edit and correct anything, you cann't do it in all TS1/2



{{{ I have seen H2 pre-config with bgp to eigrp redistribution filter on R55/56, which doesn't let to advertise AS65007 (Jacob's Office) routes into AS65005.
What can we do in such situations? }}}

Please Don't confige this, because there is no requirement demands that. and if you configure it, then you will lose points, because the filter on R55/56 didn't meet the requirement as Cisco wants.

All the bests.

Edited by Firass81, 23 October 2019 - 12:06 AM.


Thanked by 1 Member:
nagent2018

#10 cgca1620

cgca1620

    Junior Member

  • Members
  • PipPip
  • 5 posts
  • 4 thanks

Posted 23 October 2019 - 11:22 PM

Hi Firass thanks for your advices, got a couple of questions , how did you configure the loop avoidence on DC and Jacobs regarding R18,R15/16 , did you use type 1 on R18 and Type 2 and internal towars bgp on R15/16? and how you set R55/56 in order to avoid the prefix 10.0.0.0/8 to enter the mpls ?

Edited by cgca1620, 23 October 2019 - 11:24 PM.


Thanked by 1 Member:
Firass81

#11 oc093279

oc093279

    Member

  • Members
  • PipPip
  • 22 posts
  • 10 thanks

Posted 24 October 2019 - 06:01 PM

Hi

Is below complete solution? Do have to use METRIC route-map ..?

On R9/R10

route-tag not do

route-map METRIC permit 10
match metric 10 +- 11
set metric 10000 100 255 1 1500
route-map METRIC permit 20
set metric 1000 100 255 1 1500

route-map DENY deny 10
match tag 172.172.172.172
route-map DENY permit 20

router eigrp JACOBS
add family unic aut 1
topology base
redistribute ospf 1 route-map METRIC

router ospf 1
redistrubutre eigrp 1 subnets

distribute-list route-map DENY in

------
do we config eigrp default-route-tag 172.172.172.172   on all routers running eigrp or route-tag notation dotted-decimal  is enough?

thanks

Thanked by 1 Member:
Firass81

#12 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 24 October 2019 - 09:54 PM

View Postcgca1620, on 23 October 2019 - 11:22 PM, said:

Hi Firass thanks for your advices, got a couple of questions , how did you configure the loop avoidence on DC and Jacobs regarding R18,R15/16 , did you use type 1 on R18 and Type 2 and internal towars bgp on R15/16? and how you set R55/56 in order to avoid the prefix 10.0.0.0/8 to enter the mpls ?

Hey,

I assume that your question about H2+, if so, my answer would be for it:

Yes you are right, i used metric-type 1 on R18, and i leave all redistribution as default on R15/16

router os 1
redistribute bgp 65002 subnets ----------------------> here is the default metric-type 2 E2, in this way all DC's devices would get the prefix from R18 with a metric E1 and prefix from R15/16 with E2 and all would prefed E1

router bgp 65002
redistribute ospf 1   -------------> the default here is to redistrute only intra and inter ospf, no warry about all exteranl ospf E1/2 from re-redistrute againg into bgp and this is a filter for a loop.

{{{ how you set R55/56 in order to avoid the prefix 10.0.0.0/8 to enter the mpls ? }}}

there is no fear here, becaus there is a prefconfig to filter it in the exam as next; with route-map or without it, directly using prefix-list:

ip prefix-list 172 deny 172.0.0.0/8
ip prefix-list 172.permit 172.18.0.0/16 (this entry i think like this)

As you see, impilicty deny 10.0.0.0/8 from intering into MPLS domain.

that is it.

All the bests

Thanked by 1 Member:
paeengi8

#13 Firass81

Firass81

    Advanced Member

  • Members
  • PipPipPip
  • 119 posts
  • 64 thanks

Posted 24 October 2019 - 09:59 PM

View Postoc093279, on 24 October 2019 - 06:01 PM, said:

Hi

Is below complete solution? Do have to use METRIC route-map ..?

On R9/R10

route-tag not do

route-map METRIC permit 10
match metric 10 +- 11
set metric 10000 100 255 1 1500
route-map METRIC permit 20
set metric 1000 100 255 1 1500

route-map DENY deny 10
match tag 172.172.172.172
route-map DENY permit 20

router eigrp JACOBS
add family unic aut 1
topology base
redistribute ospf 1 route-map METRIC

router ospf 1
redistrubutre eigrp 1 subnets

distribute-list route-map DENY in

------
do we config eigrp default-route-tag 172.172.172.172   on all routers running eigrp or route-tag notation dotted-decimal  is enough?

thanks

Hey,


{{{ do we config eigrp default-route-tag 172.172.172.172   on all routers running eigrp or route-tag notation dotted-decimal  is enough?}}}

No we couldn't use this command  eigrp default-route-tag 172.172.172.172 Only use dootted-deicaml on all eigrp routers, that is enough to meet the requirement.

P.S:

Your config is prefect, you don't need anything else. that is what i did it in the exam.


All the bests.

Thanked by 2 Members:
cgca1620 , oc093279

#14 cgca1620

cgca1620

    Junior Member

  • Members
  • PipPip
  • 5 posts
  • 4 thanks

Posted 24 October 2019 - 10:43 PM

Thanks bud , my question was about h2 , cause when you set metric type 1 on R18 then on h2 you have a preconfig with a route-map allowing the prefix 172.0.0.0/8 to enter into the mpls in R55/56 , then R15/16 inject this as type 1 into DC, then from sw4 point of view it woill have two routes with the same metric towars 172.0.0.0 one through the mpls type 1 and the other one through R18 , then will load balance the traffic .

Edited by cgca1620, 24 October 2019 - 10:44 PM.


Thanked by 1 Member:
Firass81



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Organization

Community

Downloads

Test Providers

Site Info


Go to top